[CalendarServer-changes] [4567] CalendarServer/branches/users/sagen/deployment-inherit-fds-4549
source_changes at macosforge.org
source_changes at macosforge.org
Thu Oct 1 21:19:17 PDT 2009
Revision: 4567
http://trac.macosforge.org/projects/calendarserver/changeset/4567
Author: sagen at apple.com
Date: 2009-10-01 21:19:13 -0700 (Thu, 01 Oct 2009)
Log Message:
-----------
Auth cache + fix for logic bug in socket bindaddress
Modified Paths:
--------------
CalendarServer/branches/users/sagen/deployment-inherit-fds-4549/memcacheclient.py
CalendarServer/branches/users/sagen/deployment-inherit-fds-4549/twistedcaldav/cluster.py
CalendarServer/branches/users/sagen/deployment-inherit-fds-4549/twistedcaldav/directory/appleopendirectory.py
Modified: CalendarServer/branches/users/sagen/deployment-inherit-fds-4549/memcacheclient.py
===================================================================
--- CalendarServer/branches/users/sagen/deployment-inherit-fds-4549/memcacheclient.py 2009-10-02 00:15:03 UTC (rev 4566)
+++ CalendarServer/branches/users/sagen/deployment-inherit-fds-4549/memcacheclient.py 2009-10-02 04:19:13 UTC (rev 4567)
@@ -550,6 +550,19 @@
"""
+ # Short-circuit:
+ key_list = list(key_iterable)
+ server, ignored = self._get_server(key_list[0])
+ server_keys = {
+ server : key_list,
+ }
+ prefixed_to_orig_key = { }
+ for key in key_list:
+ prefixed_to_orig_key[key] = key
+ return (server_keys, prefixed_to_orig_key)
+
+
+
# Check it just once ...
key_extra_len=len(key_prefix)
if key_prefix:
Modified: CalendarServer/branches/users/sagen/deployment-inherit-fds-4549/twistedcaldav/cluster.py
===================================================================
--- CalendarServer/branches/users/sagen/deployment-inherit-fds-4549/twistedcaldav/cluster.py 2009-10-02 00:15:03 UTC (rev 4566)
+++ CalendarServer/branches/users/sagen/deployment-inherit-fds-4549/twistedcaldav/cluster.py 2009-10-02 04:19:13 UTC (rev 4567)
@@ -298,6 +298,8 @@
elif config.EnableConnectionInheriting:
# Open the socket(s) to be inherited by the slaves
+ config.MultiProcess['LoadBalancer']['Enabled'] = False
+
if not config.BindAddresses:
config.BindAddresses = [""]
@@ -338,6 +340,9 @@
sock = _openSocket(bindAddress, int(portNum))
inheritSSLFDs.append(sock.fileno())
+ if not config.MultiProcess['LoadBalancer']['Enabled']:
+ bindAddress = config.BindAddresses
+
for p in xrange(0, config.MultiProcess['ProcessCount']):
if config.MultiProcess['ProcessCount'] > 1:
if port is not None:
Modified: CalendarServer/branches/users/sagen/deployment-inherit-fds-4549/twistedcaldav/directory/appleopendirectory.py
===================================================================
--- CalendarServer/branches/users/sagen/deployment-inherit-fds-4549/twistedcaldav/directory/appleopendirectory.py 2009-10-02 00:15:03 UTC (rev 4566)
+++ CalendarServer/branches/users/sagen/deployment-inherit-fds-4549/twistedcaldav/directory/appleopendirectory.py 2009-10-02 04:19:13 UTC (rev 4567)
@@ -33,7 +33,14 @@
import opendirectory
import dsattributes
import dsquery
+import memcacheclient
+try:
+ from hashlib import md5
+except ImportError:
+ from md5 import new as md5
+
+
from twisted.internet.reactor import callLater
from twisted.internet.threads import deferToThread
from twisted.cred.credentials import UsernamePassword
@@ -174,6 +181,14 @@
h = (h + hash(getattr(self, attr))) & sys.maxint
return h
+ def _getMemcacheClient(self, refresh=False):
+ if refresh or not hasattr(self, "memcacheClient"):
+ self.memcacheClient = memcacheclient.ClientFactory.getClient(['%s:%s' %
+ (config.Memcached.BindAddress, config.Memcached.Port)],
+ debug=0, pickleProtocol=2)
+ return self.memcacheClient
+
+
def _lookupVHostRecord(self):
"""
Get the OD service record for this host.
@@ -1087,20 +1102,37 @@
result.update(self.service.readOnlyProxiesForGUID(DirectoryService.recordType_locations, self.guid))
return result
+
+ def getMemcacheKey(self, shortName):
+ key = "auth-%s" % (md5(shortName).hexdigest(),)
+ print shortName, key
+ return key
+
def verifyCredentials(self, credentials):
if isinstance(credentials, UsernamePassword):
- # Check cached password
+ # Check cached password which is an md5 hexdigest
+
+ credPassword = md5(credentials.password).hexdigest()
try:
- if credentials.password == self.password:
+ if credPassword == self.password:
return True
except AttributeError:
- pass
+ # No locally stored password; check memcached
+ key = self.getMemcacheKey(self.shortName)
+ memcachePassword = self.service._getMemcacheClient().get(key)
+ if memcachePassword is not None:
+ if credPassword == memcachePassword:
+ # Memcached version matches, store locally
+ self.password = credPassword
+ return True
- # Check with directory services
+ # No local version, *or* local version differs; check directory services
try:
if opendirectory.authenticateUserBasic(self.service.directory, self.nodeName, self.shortName, credentials.password):
# Cache the password to avoid future DS queries
- self.password = credentials.password
+ self.password = md5(credentials.password).hexdigest()
+ key = self.getMemcacheKey(self.shortName)
+ self.service._getMemcacheClient().set(key, self.password, time=self.service.cacheTimeout*60)
return True
except opendirectory.ODError, e:
self.log_error("Open Directory (node=%s) error while performing basic authentication for user %s: %s"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20091001/ce4debfd/attachment-0001.html>
More information about the calendarserver-changes
mailing list